Wednesday, August 15, 2012

EFF has issued a press release about
U.S. v. Jones, a case in the District Court for the District
of Columbia:

A federal district
court is poised to determine whether the government can use cell
phone data obtained without a warrant to establish an individual’s
location. In an amicus brief filed Monday, the Electronic Frontier
Foundation (EFF) and the Center for Democracy & Technology (CDT)
argue that this form of surveillance is just as unconstitutional as
the warrantless GPS tracking the U.S. Supreme Court already shot down
in this case.

“Location data
is extraordinarily sensitive. It can reveal where you worship, where
your family and friends live, what sort of doctors you visit, and
what meetings and activities you attend,” said EFF Senior Staff
Attorney Marcia Hofmann. “Whether this information is collected by
a GPS device or a mobile phone company, the government should only be
able to get it with a warrant based on probable cause that’s
approved by a judge.”

Meanwhile, in the Sixth Circuit, the
Court of Appeals has issued its opinion in U.S. v. Skinner ,
and it’s not good news for privacy advocates. Unlike Jones,
law enforcement did not attach a GPS to a suspect’s car, but did
ping his cellphone to discover his location.
Here’s the beginning of the opinion:

When
criminals use modern technological devices to carry out criminal acts
[If the cell phone was just “along for the ride” would the
decision have been different? Bob] and to reduce the
possibility of detection, they can hardly complain when the police
take advantage of the inherent characteristics of those very devices
to catch them. This is not a case in which the government secretly
placed a tracking device in someone’s car. The drug runners in
this case used pay-as-you-go (and thus presumably more difficult to
trace) cell phones to communicate during the cross- country shipment
of drugs. Unfortunately for the drug runners, the phones were
trackable in a way they may not have suspected. The
Constitution, however, does not protect their erroneous expectations
regarding the undetectability of their modern tools.

The government
used data emanating from Melvin Skinner’s pay-as-you-go cell phone
to determine its real-time location. This information was used to
establish Skinner’s location as he transported drugs along public
thoroughfares between Arizona and Tennessee. As a result of tracking
the cell phone, DEA agents located Skinner and his son at a rest stop
near Abilene, Texas, with a motorhome filled with over 1,100 pounds
of marijuana. The district court denied Skinner’s motion to
suppress all evidence obtained as a result of the search of his
vehicle, and Skinner was later convicted of two counts related to
drug trafficking and one count of conspiracy to commit money
laundering. The convictions must be upheld as there was no Fourth
Amendment violation, and Skinner’s other arguments on appeal lack
merit. In short, Skinner did not have a reasonable expectation of
privacy in the data emanating from his cell phone that showed its
location.

Citing Knotts, the opinion
explains:

There is no Fourth
Amendment violation because Skinner did not have a reasonable
expectation of privacy in the data given off by his voluntarily
procured pay- as-you-go cell phone. If a tool used to transport
contraband gives off a signal that can be tracked for location,
certainly the police can track the signal. The law cannot be that a
criminal is entitled to rely on the expected untrackability of his
tools. Otherwise,dogs could not be used to track a fugitive if the
fugitive did not know that the dog hounds had his scent. A getaway
car could not be identified and followed based on the license plate
number if the driver reasonably thought he had gotten away unseen.
The recent nature of cell phone location technology does not change
this. If it did, then technology would help criminals but not the
police. It follows that Skinner had no expectation of privacy in the
context of this case, just as the driver of a getaway car has no
expectation of privacy in the particular combination of colors of the
car’s paint.

Lest you think this just applies to
criminals, the court hastens to assure that the lack
of expectation of privacy from government pings applies to us all.
In a footnote, they write:

We do not mean to
suggest that there was no reasonable expectation of privacy because
Skinner’s phone was used in the commission of a crime, or that the
cell phone was illegally possessed. On the contrary, an innocent
actor would similarly lack a reasonable expectation of privacy in the
inherent external locatability of a tool that he or she bought.

Orin Kerr offered some comments on
yesterday’s opinion in U.S. v. Skinner, previously
mentioned on this blog. Here’s part of his commentary:

1) Unless I’m
just missing something obvious, the opinion seems
pretty vague on the technological facts. The majority
opinion initially says that the government obtained a court order
ordering the cell phone company to release “cell site information,
GPS real-time location, and ‘ping’ data” for the phone used by
the suspect. It then says that the government tracked the suspect’s
location by “pinging” the cell phone over three days. Later on,
the majority opinion (and the concurrence) refers to the location
information as “GPS location information.” But cell-cite
information and GPS information are different, and “pinging” the
cell phone could mean actively sending a request for cell-site data,
actively sending a request for GPS data, or something else. So I’m
a bit murky on the facts of what happened, which makes it hard to
know what to make of the court’s analysis.

2) The murkiness
of the facts are particularly unfortunate because the reasoning of
the majority opinion relies heavily on cell phones broadcasting
location information as just part of the way that they work. But
if pinging the cell phone means actively sending a request to the
phone to return its current GPS location, that’s not just how cell
phones work: That’s the product of the cell phone provider setting
up a mechanism by which the government can manipulate the phone into
revealing its location. That seems to be a very different
category of Fourth Amendment problem than a problem of how a
technology “naturally” works.

The government
suspected defendant was involved in illegal gang activity and secured
the assistance of a cooperating witness who was a Facebook friend of
defendant. Viewing defendant’s profile using the friend’s
account, the government gathered evidence of probable cause
(discussion of past violence, threats, and gang loyalty maintenance)
which it used to swear out a search warrant.

"The German Federal Court of
Justice has ruled that ISPs have to turn
over to rights-holders the names and addresses of illegal file
sharers, but only 'if a judge rules that
the file sharer indeed infringed on copyright,'
said the court's spokeswoman, Dietlind Weinland. The ruling
overturns two previous rulings by regional courts and is significant
because the violation doesn't have to happen
on a commercial scale, but applies whenever 'it is
possible to know who was using an IP address at the time of the
infringement,' the court said."

A federal judge
refused to throw out claims that a right-wing activist violated the
privacy of an ACORN worker who was taped counseling defendant James
O’Keefe, who sought advice on how to fill his house with underage
prostitutes.

Juan Carlos Vera
sued
O’Keefe and his associate Hanna Giles in Federal Court on privacy
claims, after O’Keefe secretly filmed Vera at an ACORN office in
National City in 2009.

The twitter account for Alexa Dell,
daughter of Dell founder Michael Dell, has been deactivated following
security concerns prompted by her detailed account of the family’s
whereabouts.

The security of the CEO, who expects to
spend $2.7
million in 2012 t0 keep his family safe, came
under question after an photo of Zachary Dell was posted by his
sister Alexa on photo-sharing app Instragram, according to Bloomberg
Businessweek

The teenager shared a photo of Zachary
devouring cuisine in a private plane on a trip to Fiji. But, that’s
not all, the magazine reported. Like millions of others who use
social network sites, she would often-times detail the time, date and
location of many events attended by the family, including trips to
New York City and a high school graduation dinner, according to
Bloomberg Businessweek.

Testing
software should mean you test all of it. (This somewhat conflicts
with earlier reports) And running new or old software, you should
always know what is happening and which program does what.

"Knight
Capital Group Inc.'s accidental trades earlier this month were
triggered by a flawed upgrade of trading software that caused an
older trading system connected to the computer code to inadvertently
go 'live' on the market, according to people familiar with the
matter. The errors at Knight on Aug. 1 involved new code the Jersey
City, N.J.-based brokerage designed to take advantage of the launch
of a New York Stock Exchange trading program, which was introduced
that day to attract more retail-trading business to the Big Board,
the people say. ... When NYSE Euronext trading floor officials
called Knight at about 9:35 a.m. to try to pinpoint the cause of
unusual swings in dozens of stocks, just after the Big Board opened
for trading, Knight traders and their supervisors had a difficult
time detecting where in its systems the problem was located, say
people familiar with the morning's events. The
NYSE had to call Knight several times before deciding to shut the
firm off, the people say."

Links

About Me

I live in Centennial Colorado. (I'm not actually 100 years old., but I hope to be some day.) I'm an independant computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.